﻿<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<dynamic>" %>

<h3>Attack Scenario:</h3>
<p>This example simulates an online payment process.</p>
<p>The user has ordered goods and the following information information is shown on the webpage for user to confirm the order.</p>
<p>There is a hidden field to keep track of the money to pay. Modify the number and lower your expenditure.</p>

<fieldset class="scenario_frame">
    <legend>Confirm Your Payment</legend>

    <p>
        Final step to check your payment information:
    </p>
    <p>
        Name:
    </p>
    <p>
        Address:
    </p>
    <p>
        Mobile Number:
    </p>
    <p>
        Total Payment: <span id="money">200HKD</span>
    </p>
    <input type="hidden" id="value" value="200" />
    <input type="submit" value="Confirm" />

</fieldset>

<div class="lab_frame">
<input type="button" id="show_source" value="Show Source" />
<pre class="prettyprint" id="hidden_source" style="display:none;">
&lt;legend&gt;Confirm Your Payment&lt;/legend&gt;
&lt;p&gt;
    Final step to check your payment information:
&lt;/p&gt;
&lt;p&gt;Name:&lt;/p&gt;
&lt;p&gt;Address:&lt;/p&gt;
&lt;p&gt;Mobile Number:&lt;/p&gt;
&lt;p&gt;
    Total Payment: 200HKD
&lt;/p&gt;
&lt;p&gt;
    &lt;input type="hidden" id="cost" value="<input type="text" id="hidden_val" name="hidden_val" size="4" value="200" />" /&gt;
&lt;/p&gt;
&lt;input type="submit" value="Confirm" /&gt;
</pre>
</div>
<script type="text/javascript">
    $("#show_source").click(function () {
        $("#hidden_source").show('fast');
    });
    prettyPrint();
</script>

<hr />